A Senate energy panel unanimously approved a bill Thursday directing the energy sector to adopt lower-grade technology needed to facilitate better cyber security controls in the face of growing threats to critical infrastructure.
The Senate Energy and Natural Resources committee advanced the bipartisan Securing Energy Infrastructure Act (S.79), co-sponsored by Sens. Angus King (I-Maine) and Jim Risch (R-Idaho), which would establish a two-year pilot program to study possibly moving energy sector systems to analog controls and away from cyber-vulnerable digital infrastructure.
“In recent years, we’ve withstood cyber-attacks against our government agencies and businesses, but the threat of bigger and more harmful attacks from sophisticated cyber adversaries continues to grow by the day,” King said in a statement. “Despite continuing to receive warnings that grow more and more serious, so much of our vital national infrastructure remains vulnerable to devastating incursions. We cannot wait for a cyber disaster to strike before we address these weaknesses – now is the moment that we must act to shield our energy grid from a catastrophic attack.”
The bill aims to replicate the experience of Ukraine, which faced a cyber attack to its energy infrastructure in 2015 by the Russian state actors.
While knocking out portions of the country’s power grid, the attack was partially mitigated due to Ukraine’s use of less complex technology to operate its grid.
Under the bill, the Secretary of Energy would have 180 days to start a pilot program with the National Laboratories and industry partner to develop more isolated, human-controlled systems with fewer digital vulnerabilities.
The Energy Department’s director of the office of intelligence and counterintelligence would lead the program.
The bill also directs the Energy Secretary to establish a working group to assess the pilot program’s progress, as well as developing a national cyber-informed energy sector engineering strategy.
Members of the 10-person working group would include representatives from the Department of Defense, Department of Homeland Security, the DoE, the energy industry, the North American Electric Reliability Corporation, Nuclear Regulatory Commission, and the National Laboratories.
The bill now moves to the full Senate, but there is no date set for a floor vote.
“There is a clear, demonstrable need to develop techniques and technologies to better secure our grid from cyber vulnerabilities,” Risch said in a statement. “As we re-examine our infrastructure security, this bipartisan approach would utilize the unique assets and expertise of our National Laboratories to drive innovation. The Energy and Natural Resources Committee has taken an important step forward today and I trust the full Senate will follow suit soon.”